Fake ‘You have made an Ebay purchase’ themed emails lead to client-side exploits and malware

Over the past 24 hours, cybercriminals have launched yet another massive spam campaign, this time impersonating both eBay and PayPal, in an attempt to trick their users into clicking on the links found in the malicious emails, which serve client-side exploits and malware.

More details:

Sample screenshot of the spamvertised email:

Sample compromised URLs used in the campaign:

Responding to 59.57.247.185 are also the following malicious domains: